Posted on April 27, 2020 by Paul Mew
Coronavirus has changed the way many people are now working. With millions of people working from home every day, many organisations had to rush to implement remote working in their business prior to the UK lockdown. In the hurry to get employees set up to work at home, compromises will have been made that are now impacting both the productivity and security of an organisation. ramsac’s Technical Director Paul Mew has summarised the advice we are giving our customers on how to ensure their employees are working securely and effectively at home.
Many organisations have moved most of their storage and applications to the cloud, but still have some key services on office-based servers, perhaps voice, a file server and maybe older applications. Given the lack of time to fully prepare for the current mass homeworking scenario, some organisations may have allowed staff to work on personal machines, and set-up a VPN to provide access to these key office-based services.
Our advice both now, and at the time was to avoid the use of VPNs with personal machines. When a device connects via a VPN it is no different to it being connected to your network in the office. The problem this creates is a personal machine doesn’t have the same security controls, such as managed anti-malware software, scheduled patching and limited permissions and therefore poses a significant risk to the network.
Personal machines are also likely to be used by different members of a family, have many different games and applications installed with little control of where they’ve come from.
These all make it far more likely that a personal machine will be infected with malware either before it’s connected to your network, or at some point in the future. That malware will then have access to other machines on your network, as well as your servers. Time saved allowing staff to use personal machines instead of providing them with temporary machines or allowing them to take their office machine home, maybe lost many times over due to malware infecting the entire network, not to mention the loss of data and potential for a ransomware attack.
If you have personal machines in use with VPN already it’s not too late either to suffer an attack, or to remove the risk by moving those users to machines owned and managed by the business. Availability of laptops is starting to improve, so there are some available if you’re able to be flexible around the specification. Obviously, we all need to be staying home, but It may also be worth considering allowing nearby staff to make a short journey to the office to collect their machine, or indeed supplying laptops for home workers, which will then reduce the risk of disruption to your business.
Organisations who have already moved fully to the cloud or use applications which work just through a browser will find remote working easier to manage, especially if there is no requirement for a VPN because they will be able to use personal machines with applications through a browser.
For those who are still using mostly servers in the office for e-mail and file storage, given we’re likely to be experiencing some form of restricted movement for a long period, and there may be further lockdowns in the future, so now is a good time to be moving forward with migrating as much as possible to the cloud. Most of these projects can be completed remotely, and although there are challenges around end-user training they can all be managed.
At ramsac we’re regularly surveying our staff to make sure we’re picking up barriers to people working effectively from home. We’ve ordered webcams, headsets, wireless network adapters, keyboards, mice and even desks for our staff and have arranged for them to be delivered directly to them at home. As an employer you do still have a responsibility for everyone’s working environment, so should be doing what you can to make it as comfortable and effective as possible. We’ve also found that this has really improved morale as it’s demonstrated to staff that we do care about their welfare.
Obviously, there has been an explosion in the use of videoconferencing with the likes of Teams and Zoom over the last few weeks. Many organisations are already using Office 365 so will have access to Teams, and Microsoft is providing free access to others. There have been some limitations with Teams around backgrounds and the number of people that can be on screen at one time, which have pushed some organisations to use other systems such as Zoom, but Microsoft has accelerated development of Teams so it’s likely to be on-par with Zoom within the next few weeks, but without many of the well-publicised security and privacy issues. We have a blog on Teams vs Zoom which compares the two solutions.More resources on remote working during Coronavirus